Apple Patches Bevy Of Tiger, Panther Bugs
The 10 bugs range in severity, with some able to be exploited remotely via the Apple Safari browser and others available only to malicious users inside a company's network or actually sitting at a vulnerable Mac.
The kit and caboodle was rated as "Highly critical" by Danish vulnerability tracker Secunia, which categorized the flaws under such groupings as "security bypass," "cross site scripting," and "exposure of sensitive information."
Apple released the fixes as Security Update 2005-008 in versions for Panther and Tiger. The patches can also be downloaded using the operating system's own Software Update command.
Like Microsoft, Apple releases security bulletins and patches for the disclosed vulnerabilities on a monthly schedule. Its bulletins typically contain numerous vulnerabilities; September's tally of 10, however, is far from a record. In August, Apple's 20005-007 bulletin patched more than 40 bugs.
The disclosure of Mac OS X bugs shouldn't be taking anyone by surprise. Earlier this week, Symantec's bi-annual Internet Security Threat Report noted that Apple's Mac OS X was in danger of becoming a target of hackers as the popularity of the platform rose.
"An ever-increasing number of users are adopting Mac OS X. Many of these users believe that this operating system and the applications that run on it are immune to traditional security concerns. However, evidence suggests that, increasingly, they may be operating under a false sense of security," said the report.
"Though vulnerabilities and malicious code targeting other operating systems continue to outnumber those on Mac OS X, Symantec recommends that users continue to apply security patches as they become available and continue to educate themselves on security issues affecting Mac OS X."